I am using LDAP to authenticate my users (with fallback to FOS User Bundle). Everything works fine, I can log in.
This has, however, created a "new" problem. I wish to control who can log into the application using FOS, but control their password using LDAP.
I tried this using ROLES:
    - { path: ^/, role: ROLE_PGM_USER }
but that isn't the right place as the user has already logged in at this point.
Is there a way to configure fr3d to also check the fos "enabled" field and then display a custom message if they are not allowed to log in?
Found it.
Use the instructions here to override the LdapManager (https://github.com/Maks3w/FR3DLdapBundle/blob/master/Resources/doc/cookbook/override_ldap-manager.md).
Then change the bind function like so:
    /**
     * {@inheritDoc}
     */
    public function bind(LdapUserInterface $user, $password)
    {
        // Refuse users without the application role before any LDAP bind is attempted.
        if (!$user->hasRole('ROLE_PGM_USER')) {
            return false;
        }

        return $this->connection->bind($user->getDn(), $password);
    }
This way users without "ROLE_PGM_USER" are prevented from logging in.
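The question also asked about the FOS "enabled" field and a custom message. The following is an added example, not code from the original post or from FR3DLdapBundle, extending the same `bind()` override to cover both. The `Acme\DemoBundle\Ldap` namespace, the class name and the message text are hypothetical, and it assumes the user object is a FOS user and that `$this->connection` is reachable from the subclass, as in the answer above.

```php
<?php
// Added example: hypothetical namespace and class name, registered as described
// in the override_ldap-manager cookbook linked in the answer.
namespace Acme\DemoBundle\Ldap;

use FOS\UserBundle\Model\UserInterface as FosUserInterface;
use FR3D\LdapBundle\Ldap\LdapManager as BaseLdapManager;
use FR3D\LdapBundle\Model\LdapUserInterface;
use Symfony\Component\Security\Core\Exception\DisabledException;

class LdapManager extends BaseLdapManager
{
    /**
     * {@inheritDoc}
     */
    public function bind(LdapUserInterface $user, $password)
    {
        // Fail closed: without a FOS user there is no role or enabled flag to check.
        if (!$user instanceof FosUserInterface) {
            return false;
        }

        // Same gate as the answer: no application role, no LDAP bind.
        // Returning false looks like a wrong password to the caller.
        if (!$user->hasRole('ROLE_PGM_USER')) {
            return false;
        }

        // Verify the LDAP password first, so the account status is only
        // revealed to someone who has proven knowledge of the password.
        $bound = $this->connection->bind($user->getDn(), $password);

        if ($bound && !$user->isEnabled()) {
            // DisabledException is an AccountStatusException: Symfony's
            // authentication manager rethrows it immediately instead of
            // trying the next provider, so the FOS fallback is not consulted.
            throw new DisabledException('This account is not enabled for this application.');
        }

        return $bound;
    }
}
```

Whether the exception message is shown verbatim depends on how the login template renders the authentication error.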